A local overflow exists in Quicktime. The program fails to validate movie attributes contained in a file resulting in an integer overflow. With a specially crafted file, an attacker can cause a very large memory copy resulting in a loss of integrity.

Upgrade to version 7.0.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Security Tracker: 1015152
• Secunia Advisory ID: 17428
• CVE ID: 2005-2754 (see also: NVD)
• Related OSVDB ID: 20475 20477 20478
• Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0101.html
• Vendor Specific Advisory URL: http://docs.info.apple.com/article.html?artnum=302772
• Other Advisory URL: http://pb.specialised.info/all/adv/quicktime-mov-io2-adv.txt

• Piotr Bania - ania.piotrgmail.com -